
Various tidying

Bob Mottram 11 years ago
parent
commit
341e590dcf
1 changed file with 21 additions and 22 deletions
beaglebone.txt (+21 -22)

@@ -43,7 +43,7 @@ As Eben Moglen noted in his now famous [[https://www.youtube.com/watch?v=QOEMv0S
43 43
 ** After it's installed will it need a lot of maintenance?
44 44
 So long as the hardware is ok the amount of maintenance needed should be very small.  Unlike on Windows based systems you don't need to defragment drives or mess about with anti-virus programs.  I ran a similar Sheevaplug system between 2010 and 2013 with only occasional software updates or reboots, and uptime was probably 99% or better.
45 45
 ** Is it secure?
46
-Nothing is totally secure or infallible.  You could have the most secure technology and yet still use easy to guess passwords.  In general any software described as "uncrackable" or "guaranteed secure" is likely to be bogus and should be treated with suspicion.  No matter what the hype may claim, all software has bugs so it's really a question of whether your communications are more secure or less secure.  Using something like Freedombone will be likely to increase your degree of communications security to a level which is above average.
46
+Nothing is totally secure or infallible.  You could have the most secure technology and yet still use easy to guess passwords.  In general any software described as "uncrackable", "guaranteed secure" or "NSA-proof" is likely to be bogus and should be treated with suspicion.  No matter what the hype may claim, all software has bugs so it's really a question of whether your communications are more secure or less secure.  Using something like Freedombone will be likely to increase your degree of communications security to a level which is above average.
47 47
 
48 48
 This system will not defend you from an attacker who is actively trying to block or corrupt your communications, but I assume that doesn't apply in the majority of cases.  Another thing to be aware of is that running a FreedomBone could make you more vulnerable to traffic analysis, since the server is associated with your home address and isn't a giant aggregation of users somewhere in the cloud.  You need to weigh this alongside the additional legal protection which owning the server and having it in your own home gives you.
49 49
 
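Review bot: context line 48 of this hunk spells the project "FreedomBone" while the edited line 46 spells it "Freedombone"; since this commit is a tidying pass, make the spelling consistent here as well.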
@@ -2645,6 +2645,11 @@ LOCATION="Freedomville"
2645 2645
 ORGANISATION="Freedombone"
2646 2646
 UNIT="Freedombone Unit"
2647 2647
 
2648
+if ! which openssl > /dev/null ;then
2649
+    echo "$0: openssl is not installed, exiting" 1>&2
2650
+    exit 1
2651
+fi
2652
+
2648 2653
 openssl req \
2649 2654
   -x509 -nodes -days 3650 \
2650 2655
   -sha256 \
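Review bot: the new guard at new lines 2648-2651 relies on `which`, whose output and exit status differ between systems, and it only discards stdout, so `which` may print its own error ahead of yours. Suggest the shell builtin instead: `if ! command -v openssl > /dev/null 2>&1; then`. Writing the message to stderr and using `exit 1` are fine as they are.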
@@ -2912,7 +2917,7 @@ su
2912 2917
 Install dependencies.
2913 2918
 
2914 2919
 #+BEGIN_SRC: bash
2915
-apt-get install mysql-server libapache2-mod-authz-unixgroup
2920
+apt-get install mysql-server
2916 2921
 #+END_SRC
2917 2922
 
2918 2923
 Create a mysql database, specifying a password which should be a long random string generated with a password manager such as KeepassX.
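Review bot: the block delimiter on new line 2919 is written `#+BEGIN_SRC: bash`, but Org source blocks open with `#+BEGIN_SRC bash` (no colon); the same form appears in the other hunks, so this tidying commit is a good place to correct it throughout. Since `libapache2-mod-authz-unixgroup` is dropped from the install line, please also check that no later step in the file still assumes that module is present.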
@@ -2974,7 +2979,7 @@ Within the 443 VirtualHost section add the following:
2974 2979
     }
2975 2980
 #+END_SRC
2976 2981
 
2977
-Save and exit, then restart Apache.
2982
+Save and exit, then restart the web server.
2978 2983
 
2979 2984
 #+BEGIN_SRC: bash
2980 2985
 service nginx restart
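Review bot: with new line 2982 now saying "restart the web server" ahead of `service nginx restart`, a syntax error in the edited file is only found when the restart fails. Suggest validating first, for example `nginx -t && service nginx restart`. The hunk header also still reads "Within the 443 VirtualHost section", which is Apache wording; nginx calls this a server block.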
@@ -4221,31 +4226,27 @@ Go back to the initial screen and then using the menu you can add contacts and b
4221 4226
 *** Friendica
4222 4227
 **** Installation
4223 4228
 
4224
-See [[Setting up a web site]] for details of how to update the Apache configuration for your Friendica site.  You should have a separate domain name specifically to run Friendica on.  It can't be installed in a subdirectory on a domain used for something else.
4229
+See [[Setting up a web site]] for details of how to update a web server configuration for your Friendica site.  You should have a separate domain name specifically to run Friendica on.  It can't be installed in a subdirectory on a domain used for something else.
4225 4230
 
4226
-Edit your Apache configuration and disable the port 80 (HTTP) version of the site.  We only want to log into Friendica via HTTPS, so to prevent anyone from accidentally logging in insecurely:
4231
+Edit your web server configuration:
4227 4232
 
4228 4233
 #+BEGIN_SRC: bash
4229
-editor /etc/apache2/sites-available/myfriendicadomainname.com
4234
+editor /etc/nginx/sites-available/myfriendicadomainname.com
4230 4235
 #+END_SRC
4231 4236
 
4232
-Replace the section which begins with *<VirtualHost *:80>* with the following, replacing /myusername@mydomainname.com/ with your email address and /myfriendicadomainname.com/ with your Friendica domain name:
4237
+Replace the section which begins with "listen 80" with the following:
4233 4238
 
4234 4239
 #+BEGIN_SRC: bash
4235
-<VirtualHost *:80>
4236
-	ServerAdmin myusername@mydomainname.com
4237
-	ServerName myfriendicadomainname.com
4238
-
4239
-    RewriteEngine On
4240
-    RewriteCond %{HTTPS} off
4241
-    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
4242
-</VirtualHost>
4240
+server {
4241
+    listen 80;
4242
+    rewrite ^ https://$server_name$request_uri? permanent;
4243
+}
4243 4244
 #+END_SRC
4244 4245
 
4245
-Save and exit, then restart the apache server.
4246
+Save and exit, then restart the web server.
4246 4247
 
4247 4248
 #+BEGIN_SRC: bash
4248
-service apache2 restart
4249
+service nginx restart
4249 4250
 #+END_SRC
4250 4251
 
4251 4252
 Now install some dependencies.
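Review bot: the `server` block added at new lines 4240-4243 has no `server_name` directive, yet the rewrite target uses `$server_name`, which is empty when none is set, so the redirect would not point at the site. Suggest adding `server_name myfriendicadomainname.com;` and telling the reader to substitute their own domain, as the removed Apache text did; `return 301 https://$server_name$request_uri;` is the simpler form of the same redirect. The replacement for old line 4226 also drops the explanation that port 80 is redirected so that nobody logs in over plain HTTP, which is worth keeping.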
@@ -4254,7 +4255,7 @@ Now install some dependencies.
4254 4255
 apt-get install mysql-server php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt php5-fpm php5-cgi php-apc
4255 4256
 #+END_SRC
4256 4257
 
4257
-Enter an admin password for MySQL.
4258
+If you are installing /mysql-server/ for the first time then enter an admin password.
4258 4259
 
4259 4260
 Reduce the memory use of mysql by using the "small" configuration.
4260 4261
 
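Review bot: the reworded new line 4258 asks for an admin password without saying how strong it should be. The earlier section (new line 2923) recommends a long random string generated with a password manager such as KeepassX, so repeat or reference that guidance here.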
@@ -4312,9 +4313,7 @@ Now visit the URL of your site and you should be taken through the rest of the i
4312 4313
 | Database Login Password | myfriendicapassword |
4313 4314
 | Database Name           | friendica           |
4314 4315
 
4315
-When installation is complete if you already have an exported account which you wish to import then visit https://myfriendicadomain.com/uimport, rather than registering a new user.  If you get an error when trying to import an account then try increasing the value of LimitRequestBody within your apache configuration and restart the apache2 service.
4316
-
4317
-If you have trouble with "allow override" ensure that "AllowOverride" is set to "all" in your Apache settings for the site (within /etc/apache2/sites-available) and then restart the apache2 service.
4316
+When installation is complete if you already have an exported account which you wish to import then visit https://myfriendicadomain.com/uimport, rather than registering a new user.
4318 4317
 
4319 4318
 Install the poller.
4320 4319
 
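Review bot: old lines 4315-4317 remove the Apache troubleshooting advice (`LimitRequestBody`, `AllowOverride`) without giving an nginx counterpart, so a reader whose account import fails has nothing to go on. Suggest a sentence pointing at nginx's `client_max_body_size` for the upload limit. The URL on new line 4316 uses myfriendicadomain.com while the Friendica installation hunk uses myfriendicadomainname.com; pick one placeholder.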
@@ -7943,7 +7942,7 @@ You can obtain a free "official" (as in recognised by default by web browsers) S
7943 7942
 
7944 7943
 When creating a SSL certificate it's important that the private key (the private component of the public/private pair in [[https://en.wikipedia.org/wiki/Public-key_cryptography][public key cryptography]]) be generated on the BBB /and remain there/.  Don't generate the private key via the StartSSL certificate wizard because this means that potentially they may retain a copy of it which could then be exfiltrated either via [[https://en.wikipedia.org/wiki/Lavabit][Lavabit]] style methodology, "implants", compromised sysadmins or other "side channel" methods.  So that the private key isn't broadcast on the internet we can instead generate a certificate request, which is really just a request for authorisation of a public key.
7945 7944
 
7946
-Firstly you should have an Apache web site configutaion ready to go. See [[Setting up a web site]] for details.
7945
+Firstly you should have a web server site configuration ready to go. See [[Setting up a web site]] for details.
7947 7946
 
7948 7947
 Within StartSSL under the validations wizard validate your domain, which means sending an email to it and confirming a code.
7949 7948